pickup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's core purpose is to read files from
.claude/handoffs/and explicitly instructs the agent to "proceed with the next step described in the handoff". - Ingestion points: Markdown files located in the
.claude/handoffs/directory. - Boundary markers: Absent. The process description does not include instructions for the agent to treat the file content as data rather than instructions, nor are there delimiters used to isolate the content.
- Capability inventory: The skill is intended to be used by agents with the capability to perform tasks (code execution, file modification) based on the "next steps" found in the handoff.
- Sanitization: Absent. There is no validation of the handoff file's content before the agent is told to follow its instructions.
Recommendations
- AI detected serious security threats
Audit Metadata